base/bif/plugins/Zeek_WebSocket.events.bif.zeek
- GLOBAL
- Namespace
GLOBAL
Summary
Events
Generated for WebSocket Close frames. |
|
Generated when a WebSocket handshake completed. |
|
Generated for every WebSocket frame. |
|
Generated for every chunk of WebSocket frame payload data. |
|
Generated for every completed WebSocket message. |
Detailed Interface
Events
- websocket_close
- Type
event
(c:connection
, is_orig:bool
, status:count
, reason:string
)
Generated for WebSocket Close frames.
- Parameters
c – The WebSocket connection.
is_orig – True if the frame is from the originator, else false.
status – If the CloseFrame had no payload, this is 0, otherwise the value of the first two bytes in the frame’s payload.
reason – Remaining payload after status. This is capped at 2 bytes less than
WebSocket::payload_chunk_size
.
See also:
WebSocket::payload_chunk_size
- websocket_established
- Type
event
(c:connection
, aid:count
)
Generated when a WebSocket handshake completed.
- Parameters
c – The WebSocket connection.
aid – The analyzer identifier of the WebSocket analyzer.
See also:
WebSocket::__configure_analyzer
,WebSocket::configure_analyzer
- websocket_frame
-
Generated for every WebSocket frame.
- Parameters
c – The WebSocket connection.
is_orig – True if the frame is from the originator, else false.
fin – True if the fin bit is set, else false.
rsv – The value of the RSV1, RSV2 and RSV3 bits.
opcode – The frame’s opcode.
payload_len – The frame’s payload length.
- websocket_frame_data
- Type
event
(c:connection
, is_orig:bool
, data:string
)
Generated for every chunk of WebSocket frame payload data.
Do not use it to extract data from a WebSocket connection unless for testing or experimentation. Consider implementing a proper analyzer instead.
- Parameters
c – The WebSocket connection.
is_orig – True if the frame is from the originator, else false.
data – One data chunk of frame payload. The length of is at most
WebSocket::payload_chunk_size
bytes. A frame with a longer payload will result in multiple events events.
See also:
WebSocket::payload_chunk_size
- websocket_message
- Type
event
(c:connection
, is_orig:bool
, opcode:count
)
Generated for every completed WebSocket message.
- Parameters
c – The WebSocket connection.
is_orig – True if the frame is from the originator, else false.
opcode – The first frame’s opcode.